Nowadays, email has become the most widely communication way in daily life. Recently, to improve security and efficiency of email system, Kwon et al. proposed a forward-secure password-based email protocol. Unfortunately, by analyzing the security of the scheme, we show that their protocol cannot resist to the forged message attack of the sender server, that is to say, the sender server can disguise as the sender to send a message to the receiver. Then we give the corresponding attack on their protocol. To overcome the flaw, we give an improved password-based authenticated email protocol. In the improved protocol, the sender adopts signcryption to send message in order to prevent the sender server's forgery attack. The analysis of the improved protocol shows that the protocol is secure against the forged message attack of the sender server and can provide the following security properties: confidentiality, the sender's authentication, forward secrecy and undeniability.